Patches for Macs, and Advice for Mac Users

Apple last week released Mac OS X 10.6.1, the first security update for Snow Leopard users. Cupertino also issued a bundle of updates to fix more than 30 security flaws in its 10.4 and 10.5 OS X and OS X Server systems.

The Tiger and Leopard security bundles also include the Flash update, along with security fixes for components like ColorSync and CoreGraphics.

The updates are available through Software Update or via Apple Downloads.

One final note: Over the weekend, a number of Security Fix readers who are also Mac users wrote in to ask for advice after being peppered with rogue anti-virus pop-ups. The readers complained they received the bogus alerts while browsing The New York Times' Web site.

The Times published a brief acknowledgment of this problem today, saying the company believes this was generated by an unauthorized advertisement, and that it is working to prevent the problem from recurring. According to the dozens of posts about this on Apple's support forum, it seems that many Mac users believe these rogue anti-virus attacks pose some kind of threat to them. The short answer is that at this point, they do not.

In short, if you're a Mac user and you see one of these rogue anti-virus pop-ups, remain calm, close out your browser, and restart it. If the attacking site manages to download a ".exe" file to your Mac, just toss it in the trash.

Most Mac users probably are savvy enough to know that Windows executable files (those ending in ".exe") cannot run or be launched on Mac OS X systems. So far, none of the rogue anti-virus threats that I have seen try to drop the equivalent ".dmg" installer files when users merely browse the site. There are, however, threats like DNSChanger that disguise themselves as legitimate video plug-ins for the browser and try to download ".dmg" files. But even then the user will know something is awry, because the installer will prompt the user to enter her password before installing.

I picked up this scareware at the NYT early Saturday morning. After quickly closing down my Opera browser (I recalled your earlier suggestions), I ran SuperAntiSpyware and my PC immediately re-booted. Running SAS again found nothing, and since then I have seen nothing odd.

I started getting the Personal Antivirus pop-up window shortly after installing Snow Leopard and twice, even though clicking Cancel, it downloaded a pre-install .exe file a couple of times each time it came up. Talked to Apple Care tech about slow mouse when Time Machine backs up via Bluetooth on Time Capsule and noted the mouse is even slower at backup than in Leopard. No fix was available so I asked about the virus scam that had Windows colors and got the recommended Intego X5. Now Adobe Flash is disabled and when on the NYTimes site I get constant orange notices that the program has stopped an attempt to use Flash. So far no response from Intego, although I just sent my request last night.

When I try to play a Quick Time movie I am alerted that it needs to be installed even though the icon is in the dock, it doesn't respond. How do I get Quick Time and Adobe Flash back?

Good to see I'm not alone... I had a simultaneous crash of my home PC and work MacBook Pro. The Mac video card fizzled when I downloaded the last OS 10.5.8 security update. Fortunately it's under warranty but I had to get a new motherboard. I think I'll wait before loading Snow Leopard.

On my PC I got inundated with fake anti-spyware and eventually just reinstalled Windows XP. Ugh.

I had a massive infestation in the last week and couldn't open any executable file. Here was my workaround, and it fixed a colleague's computer too:

1) Right-click on Firefox, select Run As, and then unclick the box that says Protect My Computer From Unauthorized Activity. This will allow you to open the browser again.
2) Go to the Malwarebytes site above and download the program.
3) Re-name the mbam setup.exe to seteup.com. This will allow you to install the program without running it as an executable.
4) Run the Malwarebytes program. It should uncover and remove the problem.
5) Run executable files again.

Saturday, running IE on my PC, when I tried to open a story in NYTimes, I got both an AVG virus alert and an IE "cannot display this page" message. Closed IE, ran AVG scan that showed no viruses on computer. Despite all the complaints here about AVG, it apparently is doing its job.

I tripped over those scareware warnings a couple of times running Firefox on WinXP. When the scareware prompt came up (and after I got over the shock that this was coming from a NYTimes page), I closed Firefox and ran a Malwarebytes scan. Nothing detected, so hopefully all is well. But I'm still waiting for a detailed explanation from the NYTimes. More importantly, I'd like them to offer a convincing explanation of how this will never happen again.

I'm not sure that "we [...] have taken steps" constitutes a convincing argument. Yes, I understand that describing those steps in detail can help the next bad guy devise a plan for circumventing them. But still, their explanation at this point amounts to "trust us."

Interestingly, I got the fake anti-virus message while viewing the NYT with Chromium on Kubuntu Linux. The amusing part was that the invader displayed a fake Windows XP-style page in a new tab -- with the claim that I was watching the nastyware "fix" my system. Oops. Maybe next time they'll use a graphic that actually matches their intended victim's OS (along with a file that will open on that user's computer). At any rate, I just clicked off the browser and restarted it--no more problem.

My only complaint with Snow Leopard is now I can't sync my iTunes to my iPod, and can't seem to work around it, even after taking out the iTunes and reinstalling it, and resetting the iPod. It's somewhat annoying, because I have to now take it to the Apple store where I live and get it fixed. What happened here? If someone has any insight as to what may have happened, please let me know; I would greatly appreciate it.

Here I am on an old G4 MAC running the up to date TIGER OS. Leopard would not install on this old timer even though the G4 microprocessor has been upgraded.

So we buy online 2 tickets to Cape Cod on Peter Pan bus line out of NYC and download what is supposed to be a PDF file with the e tickets, one for me one for my wife.

The file name ended in the following: ".pdf.exe"

Noticing only the expected ".pdf" portion, I double clicked the icon. Up came Virtual PC 6!!!

I've been using this to run Lotus 123 (version 9.8 now) cause I have all these old Lotus 123 spreadsheets developed years ago.

So inside Virtual PC, up came Windows XP (also up to date current version), and, in this, up came an old version of Adobe Acrobat Reader. Nothing else though. That was it.

To satisfy my curiosity, I did try to copy / paste the downloaded ".pdf.exe" file into Windows XP from TIGER, but this did not take.

So back to TIGER and the downloaded ".pdf.exe" file: I renamed this file simply stripping off the ".exe"

When double clicked, Adobe Acrobat came up, displaying the pdf with the tickets. These were printed, given to the bus driver the next day and we were off to Providence RI, then on to Barnstable MA. My sister-in-law met the bus and drove to her place in Dennis.

The following day we visited the Marconi Site where only one of four great towers has left any trace. This relic should be seen by all before the sea washes it away. Not far is another relic of transatlantic communication: The French Cable Company station in Orleans.

The Museum of Natural History in Brewster and the Edward Gorey House in Yarmouth Port were special treats as well.
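The post's point about ".exe" and ".dmg" downloads, and the ".pdf.exe" file described in the comment above, both come down to judging a download by its content rather than its name. The following is an added example, not part of the original post or comments: a small triage routine that sniffs file headers. The function names, finding labels and sample files are constructed for illustration.

```python
import os
import tempfile

PE_MAGIC = b"MZ"       # DOS/PE header at offset 0: Windows executable
PDF_MAGIC = b"%PDF-"   # PDF header at offset 0
UDIF_MAGIC = b"koly"   # UDIF trailer: starts 512 bytes before the end of a .dmg
DECOYS = {".pdf", ".doc", ".jpg", ".txt", ".mov"}
CLAIMS = {".exe": "pe", ".scr": "pe", ".pdf": "pdf", ".dmg": "dmg"}

def sniff(path):
    """Classify a file as 'pe', 'pdf', 'dmg' or 'unknown' from its bytes only."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        head = fh.read(8)
        tail = b""
        if size >= 512:
            fh.seek(size - 512)
            tail = fh.read(4)
    if head.startswith(PE_MAGIC):
        return "pe"
    if head.startswith(PDF_MAGIC):
        return "pdf"
    return "dmg" if tail == UDIF_MAGIC else "unknown"

def triage(path):
    """Return findings for one downloaded file: name tricks and content mismatches."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    kind, findings = sniff(path), []
    if os.path.splitext(stem)[1] in DECOYS and ext in {".exe", ".com", ".scr"}:
        findings.append("double-extension")
    claimed = CLAIMS.get(ext)
    if claimed and kind != "unknown" and claimed != kind:
        findings.append(f"name-says-{claimed}-content-is-{kind}")
    if kind == "pe":
        findings.append("windows-executable")
    if kind == "dmg":
        findings.append("mountable-disk-image")
    return findings

def demo():
    """Write constructed sample files to a temp dir and triage each one."""
    samples = {
        "tickets.pdf.exe": b"%PDF-1.4\n% constructed sample\n",
        "setup.exe": PE_MAGIC + b"\x00" * 62,
        "plugin.dmg": b"\x00" * 1024 + UDIF_MAGIC + b"\x00" * 508,
        "report.pdf": PE_MAGIC + b"\x00" * 62,
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return {name: triage(os.path.join(d, name)) for name in samples}

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```

The trailer check only recognizes UDIF-format disk images; a file reported as "unknown" has not been cleared, only not identified.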